Twilio RequestValidator for Python always returns false

Question

I'm trying to use Twilio with Google App Engine. I'm currently trying to validate requests coming in from Twilio with SMS messages. I have a custom handler that has the 2 methods below on it.

from twilio.util import RequestValidator

class TwilioRequestHandler(BaseRequestHandler):
    def twilio_request_validator(self):
        return RequestValidator(AUTH_TOKEN)

    def validate_request(self):
        if not 'X-Twilio-Signature' in self.request.headers:
            logging.error("X-Twilio-Signature was not in the request headers")
            return False
        return self.twilio_request_validator().validate(self.request.url, self.request.POST, self.request.headers['X-Twilio-Signature'])

When a request comes in on one of my TwiML endpoints, I call self.validate_request() from my request handler. This always seems to return false. As you can see from my code above, this should be the equivalent of calling Twilio's RequestValidator(AuthToken).validate(self.request.url, self.request.POST, self.request.headers['X-Twilio-Signature'])

I figured that it's possible that some of the request arguments that I received aren't supposed to be included when computing the signature, so I even went so far as taking the arguments for one request, creating a simple script checked all possible combinations, and compared it to the signature for that request. None of them were successful, so I have to be curious what I'm doing wrong, or if this is possibly something on the Twilio side.

Answer 1

Have you checked the protocol on the request URL against the Twilio endpoint?

Heroku apparently proxies HTTPS traffic to HTTP if Flask is configured for HTTP only. Flask's request.url will still begin with http:// even though Twilio is pointing at a URL that begins with https://. This will throw off hash.